Tue Oct 26, 2021 5:18 pm
Hi again...
If I add a "user" in PPP\Secrets, then I can connect:
16:09:42 ipsec,info respond new phase 1 (Identity Protection): 192.168.1.120[500]<=>192.168.1.116[500]
16:09:43 ipsec,info ISAKMP-SA established 192.168.1.120[500]-192.168.1.116[500] spi:5b0ce37769e8ffe2:5a18ebe37ba9279a
16:09:44 l2tp,info first L2TP UDP packet received from 192.168.1.116
16:09:45 l2tp,ppp,info,account abel logged in, 172.26.1.219 from 192.168.1.116
16:09:45 l2tp,ppp,info <l2tp-abel>: authenticated
16:09:45 l2tp,ppp,info <l2tp-abel>: connected
but if I disable the "Secret"...
16:12:26 ipsec,info respond new phase 1 (Identity Protection): 192.168.1.120[500]<=>192.168.1.116[500]
16:12:28 ipsec,info ISAKMP-SA established 192.168.1.120[500]-192.168.1.116[500] spi:35ec61f2a93ccfa5:c617f166a6376f63
16:12:29 l2tp,info first L2TP UDP packet received from 192.168.1.116
16:12:29 l2tp,ppp,error <192.168.1.116>: user abel authentication failed - radius timeout
16:12:29 ipsec,info purging ISAKMP-SA 192.168.1.120[500]<=>192.168.1.116[500] spi=35ec61f2a93ccfa5:c617f166a6376f63.
16:12:29 ipsec,info ISAKMP-SA deleted 192.168.1.120[500]-192.168.1.116[500] spi:35ec61f2a93ccfa5:c617f166a6376f63 rekey:1
If I ping the Windows Server (RADIUS), it works fine:
[admin@MK] > ping
address: 172.26.1.10
SEQ HOST SIZE TTL TIME STATUS
0 172.26.1.10 56 128 1ms
1 172.26.1.10 56 128 1ms
2 172.26.1.10 56 128 1ms
3 172.26.1.10 56 128 1ms
4 172.26.1.10 56 128 1ms
5 172.26.1.10 56 128 1ms
6 172.26.1.10 56 128 1ms
7 172.26.1.10 56 128 1ms
sent=8 received=8 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=2ms
Could it be a firewall problem?
[admin@MK] /ip firewall filter> print
[admin@MK_TParra] /ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough
1 chain=input action=accept protocol=udp port=1701,500,4500 log=no log-prefix=""
2 chain=input action=accept protocol=ipsec-esp log=no log-prefix=""
3 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp
4 chain=input action=accept protocol=tcp dst-port=8291 log=no log-prefix=""
5 ;;; defconf: accept established,related
chain=input action=accept connection-state=established,related
6 ;;; defconf: drop all from WAN
chain=input action=drop in-interface=1 WAN
7 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection connection-state=established,related
8 ;;; defconf: accept established,related
chain=forward action=accept connection-state=established,related
9 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid
10 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=1 WAN
Thanks for all!!